Here’s a bit of a writeup I did for some folks who were being hit with a bout of malware email messages (the actual attachments were being removed by our filters).

The message(s) you received were an attempt to infect your computer with malware, the mail server on receiving the message removed the dangerous attachment but in general if you receive an attachment that you’re not expecting, do not open it – malware writers are creative and may come up with something that the mail server won’t block, at least not while the attack is new. This is the first attempt I remember seeing that pretended to be travel arrangements, but it’s not a surprising development.

IF support staff for a service you are using need access to your account or information within it, they can get that access without needing your password. Nobody should be asking for your password.

This applies to email (e.g. Hotmail/Windows Live, Yahoo, Google and many others), social networking (Facebook, LinkedIn, MySpace, etc.), online photos (Flickr, etc.), and especially applies to your banking and finances. NO bank or financial services employee should ever ask for your password – bank policies generally prohibit them from doing so as a firing offense.

Think of someone asking for your password the same way you’d think about a stranger walking up to you on the street and saying “Hi, I’m with the village. I need your home address and your house keys.” No matter how friendly and professional looking, would you just give your keys to a stranger like that?